Is the Internet of Everything Under Attack?

The “Internet of Everything” (also known as the Internet of Things) became one of the biggest technology buzzwords of 2013, as can easily be seen in Google Trends. This term refers to the increased digitisation of everyday objects – any new technology device is being designed with connectivity in mind, whether that device is a smart TV, or a smart toaster. With more and more devices coming online, securing these devices becomes one the next big security challenge.

Gamers and Augmented Reality

2014 already has a glittering array of interesting technologies lined up for launch. Gamers have a lot to look forward to: not only has the latest console war started, but Valve will also bring Linux gaming to the fore with the Steam Machine, The Oculus Rift may revolutionize interactive gaming. Gaming has already been a lucrative target for criminals, with gaming accounts regularly traded in criminal forums. If the Steam Machines proves popular, a rise in Linux malware may be on the cards.

2014 could also be the year that augmented reality (AR) starts to become more common in everyday life. There are already many AR apps that you can play with on your smartphone; however a phone is not well suited for AR. You need to take it out of your pocket, unlock it, open an app, aim it at the object you are interested – and even after all that you are working with a relatively small 4 or 5-inch screen.

AR works best with full immersion – and that’s where wearable technology like Google Glass and SpaceGlasses come in. There are many interesting technical and even psychological attacks that can be carried out against such devices. For example, owners of these devices are (almost literally) walking around with a camera attached to their head. It’s not a major leap for a criminal specializing in banking malware to realize that this an excellent way to capture banking PINs and passwords.

SCADA under fire

Since the discovery of Stuxnet the ICS/SCADA community has come under intense scrutiny from the security industry. Most security conferences now feature at least one talk on SCADA security. Trend Micro’s Forward Looking Threat Research team released a series of papers on the topic in 2013 and proved that SCADA attacks are not just theoretical, but are taking place in reality.

In 2014 this will certainly continue, especially in targeted attacks or cases of blackmail and extortion. A new area is really starting to heat up for security researchers and attackers alike – the whole area of radio-based communications. Because radio uses no wires and is sent “magically” through the air, many people assume (wrongly) that it is secure.

This year, Trend Micro showed that the AIS standard used for ship tracking has many issues – and other researchers showed similar issues with ADS-B (which is used in aviation). We expect to see more such research released in 2014. More technology that were never designed with security in mind, or to be easily accessible remotely – are suddenly being connected to the Internet, leaving their security holes for everyone to see.

No “killer app”

With all of these interesting and emerging technology on the horizon, will attacks on the Internet of Everything become a major issue in 2014? No, we don’t think so. While we certainly think that attacks on IoT devices and the underlying architecture will be a major area of attack in the future, that future will not be until 2015 and beyond.

As discussed further in our 2014 security predictions, what is missing right now is the “killer app” that will drive mainstream adoption of IoT. There are many innovative devices, but no massive breakthroughs. Google Glass (or something like it) may be the closest to finding its “killer app”, but even then it will take time to become fully mainstream. It’s only at that point – when there’s a critical mass of users that can be targeted – that it makes sense for criminals to go after it.

However, once such a device does reach mass appeal – cybercriminals of this world will not be slow to act.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware: